saulteafarmer/plebdevs
1
0
Fork 0
mirror of https://github.com/AustinKelsay/plebdevs.git synced 2025-04-19 19:01:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

Security updates to image proxy

Browse Source
This commit is contained in:
austinkelsay 2024-09-25 11:22:45 -05:00
parent ca77e2674f
commit 24afd44409
1 changed files with 17 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
src/pages/api/image-proxy.js
View File

@ -12,14 +12,26 @@ export default async function handler(req, res) {
const response = await axios({
method: 'GET',
url: imageUrl,
responseType: 'stream',
responseType: 'arraybuffer',
timeout: 8000, // Set a timeout to prevent long-running requests
// limit the size of the response to 100MB
maxContentLength: 100 * 1024 * 1024,
});
// Forward the content type
res.setHeader('Content-Type', response.headers['content-type']);
// Validate content type
const contentType = response.headers['content-type'];
const allowedContentTypes = ['image/jpeg', 'image/png', 'image/gif', 'image/webp'];
if (!allowedContentTypes.includes(contentType)) {
return res.status(403).json({ error: 'Invalid content type' });
}
// Stream the image from the external source to the client
response.data.pipe(res);
// Set security headers
res.setHeader('Content-Security-Policy', "img-src 'self'; object-src 'none'");
res.setHeader('X-Content-Type-Options', 'nosniff');
// Set the content type and send the image data
res.setHeader('Content-Type', contentType);
res.send(response.data);
} catch (error) {
console.error('Image proxy error:', error);
res.status(500).json({ error: 'Failed to fetch image' });